US7076059B1 - Method and apparatus to implement the data encryption standard algorithm - Google Patents

Method and apparatus to implement the data encryption standard algorithm Download PDF

Info

Publication number
US7076059B1
US7076059B1 US10/052,054 US5205402A US7076059B1 US 7076059 B1 US7076059 B1 US 7076059B1 US 5205402 A US5205402 A US 5205402A US 7076059 B1 US7076059 B1 US 7076059B1
Authority
US
United States
Prior art keywords
output
coupled
xor gate
component
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US10/052,054
Inventor
Timothy W. Kiszely
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cavium International
Marvell Asia Pte Ltd
Original Assignee
Cavium Networks LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to US10/052,054 priority Critical patent/US7076059B1/en
Application filed by Cavium Networks LLC filed Critical Cavium Networks LLC
Assigned to CAVIUM NETWORKS reassignment CAVIUM NETWORKS ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: KISZELY, TIMOTHY W.
Assigned to SILICON VALLEY BANK reassignment SILICON VALLEY BANK INTELLECTUAL PROPERTY SECURITY AGREEMENT Assignors: CAVIUM NETWORKS
Assigned to SILICON VALLEY BANK reassignment SILICON VALLEY BANK SECURITY AGREEMENT Assignors: CAVIUM NETWORKS
Application granted granted Critical
Publication of US7076059B1 publication Critical patent/US7076059B1/en
Assigned to CAVIUM NETWORKS, INC., A DELAWARE CORPORATION reassignment CAVIUM NETWORKS, INC., A DELAWARE CORPORATION MERGER (SEE DOCUMENT FOR DETAILS). Assignors: CAVIUM NETWORKS, A CALIFORNIA CORPORATION
Assigned to CAVIUM NETWORKS INC reassignment CAVIUM NETWORKS INC RELEASE Assignors: SILICON VALLEY BANK
Assigned to Cavium, Inc. reassignment Cavium, Inc. MERGER (SEE DOCUMENT FOR DETAILS). Assignors: CAVIUM NETWORKS, INC.
Assigned to JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT reassignment JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT SECURITY AGREEMENT Assignors: CAVIUM NETWORKS LLC, Cavium, Inc.
Assigned to CAVIUM NETWORKS LLC, QLOGIC CORPORATION, CAVIUM, INC reassignment CAVIUM NETWORKS LLC RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: JP MORGAN CHASE BANK, N.A., AS COLLATERAL AGENT
Assigned to CAVIUM, LLC reassignment CAVIUM, LLC CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: Cavium, Inc.
Assigned to CAVIUM INTERNATIONAL reassignment CAVIUM INTERNATIONAL ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: CAVIUM, LLC
Assigned to MARVELL ASIA PTE, LTD. reassignment MARVELL ASIA PTE, LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: CAVIUM INTERNATIONAL
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry

Definitions

  • the present invention is related to the field of data encryption.
  • the present invention is related to a method and apparatus to implement the data encryption standard algorithm.
  • the data encryption standard specifies a cryptographic algorithm for encrypting and decrypting binary information comprising of 64 bits using a 64-bit key. (Please see the federal information processing standards (FIPS) publication 46-2).
  • the DES specifies both encrypting and decrypting operations, and decrypting is accomplished by using the same key as is used for encrypting but with the schedule for addressing the key bits altered so that decrypting is the reverse of the encrypting process.
  • a key in the DES consists of 64 binary bits, 56 of these bits are randomly generated and are used by the DES algorithm. The other 8 bits of the key are used for error detection. Users of the encrypted computer data must have the key that was used to encrypt the data in order to decrypt it.
  • a data block that is to be encrypted is subject to an initial permutation (IP), then to a complex key-dependent computation, and finally to a permutation which is the inverse of the initial permutation (IP ⁇ 1 ).
  • FIG. 1 illustrates a block diagram of a prior art DES implementation 100 .
  • an input comprising a 64-bit block of data is subject to an IP, to form a permuted input block.
  • the permuted input block 110 is split into a left data block L i-4 120 and a right data block R i-4 115 .
  • Each block L i-4 and R i-4 comprises 32 data bits.
  • FIG. 1 illustrates 4 DES iterations ( 181 – 184 ) of the 16 DES iterations specified in (FIPS) publication 46-2.
  • the input block 105 is LR.
  • L′R′ L (+) f ( R, K ) [1]
  • (+) in equation [1] denotes bit-by-bit addition modulo 2, i.e., an exclusive-or (XOR) function.
  • the next DES iteration uses as input the output from the previous iteration.
  • the input block is the left data block L i-4 120 and the right data block R i-4 115 .
  • the standard specifies that the output of the 16th iteration is R′L′ (also called the pre-output block), which is input into an inverse permutation to generate an encrypted output L′R′.
  • R′L′ also called the pre-output block
  • a different block K of key bits called a sub key, is chosen from the 64-bit key.
  • the first DES iteration 181 includes a cipher function f(R, K) that comprises expanding R i-4 115 from 32 bits to 48 bits using expanding function E i-4 121 .
  • expanding function E i-4 121 takes a block of 32 R i-4 bits as input and generates a block of 48 bits as output.
  • the 48-bit expanded R i-4 output and a first arrangement of 48 sub key bits K i-4 125 are exclusive-or'd using an exclusive-or function called the first key exclusive-or function 130 .
  • the 48 bit output from the first key XOR function 130 is input into a selection function S i-4 135 to obtain a 32 bit selection function output.
  • Selection function S i-4 135 comprises 8 unique selection sub-functions, each of which take 6 bits of the 48 bit output from the first key exclusive-or function 130 as input and yields a 4-bit output.
  • the 32-bit selection function S i-4 135 output is input into a permutation function P i-4 140 to yield a 32-bit permuted result.
  • a second exclusive-or function called the first L component XOR function 145 , exclusive-ors the 32-bit permuted result with the 32 bit left data block L i-4 120 to yield a right output block R i-4 155 of the first DES iteration 181 .
  • the left output block, L i-3 150 of the first DES iteration comprises the 32-bits of the right data block R i-4 115 . This completes the first DES iteration 181 .
  • the left output block, L i-3 150 and the right output block R i-3 155 of the first DES iteration 181 serve as input into the second DES iteration 182 to obtain outputs L i-2 161 and R i-2 162 respectively as described above.
  • R i-3 155 is input into expanding function E i-3 154
  • the output from expanding function E i-3 154 is exclusive-ord with a second key block K i-3 157 using a second key XOR function 156 .
  • the output from the second key XOR function 156 is input into selection function S i-3 158
  • the output from selection function S i-3 158 is input into permutation function P i-3 159 to yield a 32 bit permuted result.
  • the output from permutation function P i-3 159 is exclusive-ord with L i-3 150 using a second L component XOR function 160 to form output R i-2 162 .
  • the left output block, L i-2 161 of the second DES iteration 182 comprises the 32-bits of the right data block R i-3 155 .
  • Subsequent DES iterations are repeated multiple times (e.g., at least 16 times) using the output from the previous iteration, with different key blocks. After the multiple iterations, a left and a right pre-output block is obtained. The pre-output blocks are input into IP ⁇ 1 (not shown) to obtain an encrypted output.
  • each cipher function f(R, K) includes two XOR functions (e.g., the first key XOR function 130 , and the first L component XOR function 145 of the first DES iteration 181 ) in the critical path of the calculation. Therefore, for 16 DES iterations, thirty-two XOR functions are in the critical path, and as a result the encryption and/or decryption of data is inefficient.
  • FIG. 1 illustrates a block diagram of a prior art DES implementation
  • FIG. 2 illustrates a block diagram of a DES implementation according to one embodiment of the invention
  • FIG. 3 illustrates an apparatus for a DES implementation according to one embodiment of the invention.
  • numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be apparent, however, to one of ordinary skill in the art that the present invention may be practiced without these specific details. In other instances, well-known architectures, steps, and techniques have not been shown to avoid obscuring the present invention.
  • the embodiments described herein are not related or limited to any particular hardware technology. Rather, the embodiments described may be constructed using various technologies (e.g., bi-polar technology, complimentary-metal-oxide-semiconductors (cmos) technology, etc.) in accordance with the teachings described herein. Similarly, it may prove advantageous to construct a specialized apparatus to perform the teachings described herein by way of discrete components, or by way of an integrated circuit that uses one or more integrated circuit die that may be interconnected. Lastly, repeated usage of the phrase “in one embodiment” does not necessarily refer to the same embodiment, although it may.
  • FIG. 2 illustrates a block diagram of a DES implementation according to one embodiment of the invention. As illustrated in FIG. 2 , the four DES iterations ( 181 – 184 ) of FIG. 1 are performed in a single clock cycle 200 . Thus, the embodiment of FIG. 2 performs 16 DES iterations in 4 clock cycles. Although the embodiment of FIG. 2 illustrates 4 DES iterations in a single clock cycle, other embodiments may perform other multiples (even or odd multiples) of DES iterations in a single clock cycle.
  • FIG. 2 illustrates a permuted input block split into a left data block L i-4 220 and a right data block R i-4 215 .
  • Each block L i-4 and R i-4 comprises 32 data bits.
  • the left data block L i-4 220 and the right data block R i-4 215 are expanded to 48 bits using the same expanding function E (In FIG. 2 , L i-4 220 and R i-4 215 respectively provided to instances of expanding function E i-3 221 and E i-4 222 ). Details of the expansion function E may be found in FIPS publication 46-2.
  • the output from expanding function E i-4 222 is exclusive-ord, using a key XOR function 230 , with a first sub-key block K i-4 225 .
  • the output from key XOR function 230 is input into a selection function S i-4 235 , and a first output from S i-4 235 is input into a permutation function P i-4 240 .
  • a second output from selection function S i-4 235 is input into a merged permutation and expansion (MPE) function MP′ i-4 E′ i-3 245 .
  • MPE merged permutation and expansion
  • the input to the MPE function is rearranged and expanded to form a 48-bit block of data from a 32-bit data block. For example, bits 7 , 16 , and 25 at the input of the MPE function, at 245 , form bits 47 , 46 , and 45 at the output of the MEP function.
  • the MPE function MP′ i-4 E′ i-3 245 combines functions P i-4 140 and E i-4 154 of FIG. 1 .
  • the output from the MPE function MP′ i-4 E′ i-3 245 , the output from E i-3 221 , and a second sub key block, K i-3 255 , comprising 48 key bits are input into a first merged L component key XOR function 250 .
  • the first merged L component key XOR function 250 effectively performs the operations of the first L component XOR function 145 and the second key XOR function 156 of FIG.
  • the expanding function 221 is used because its output is being inserted into the critical path after the MP′ i-4 E′ i-3 245 as L i-4 at the first merged L component key XOR function 250 , as opposed to in an unexpanded form at the first L component XOR function 145 ).
  • the output from the first merged L component key XOR function 250 is input into selection function S i-3 260 .
  • the first output from S i-3 260 is input into permutation function P i-3 265
  • the second output from S i-3 260 is input into MPE function MP′ i-4 E′ i-2 270 .
  • P i-3 g(L i-3 ,R i-4 ,K i-3 ) as illustrated in [5].
  • the MPE function MP′ i-3 E′ i-2 270 combines functions P i-3 159 and E i-2 163 of FIG. 1 .
  • the output from MPE function MP′ i-3 E′ i-2 270 , a third sub key block K i-2 275 , comprising 48 key bits, and the output from expanding function E i-4 222 are exclusive-ord, using a second merged L component key XOR function 280 .
  • the second merged L component key XOR function 280 effectively performs the operations of the second L component XOR function 160 and the third key XOR function 165 of FIG.
  • the output of the expanding function 222 is used because its output is being inserted into the critical path after the MP′ i-3 E′ i-2 270 as L i-3 at the second merged L component key XOR function 280 , as opposed to in an unexpanded form at the second L component XOR function 160 ).
  • the output from the second merged L component key XOR function 280 is input into the selection function S i-2 282 .
  • Selection function S i-2 282 has two outputs, the first output from S i-2 282 is input into permutation function P i-2 284 , and the second output from S i-2 282 is input into MPE function MP′ i-2 E′ i-1 286 .
  • P i-2 g(R i-4 ,K i-2 ) as illustrated in [6].
  • the MPE function MP′ i-2 E′ i-1 286 combines functions P i-2 169 and E i-1 173 of FIG. 1 .
  • the output from MPE function MP′ i-2 E′ i-1 286 , a fourth sub key block K i-1 290 , comprising 48 key bits, the output from expanding function E i-3 221 , and the output from MPE function MP′ i-4 E′ i-3 245 are exclusive-ord (e.g., using a four input exclusive-or gate), using a third merged L component key XOR function 288 .
  • the third merged L component key XOR function 288 effectively performs the operations of the third L component XOR function 170 and the fourth key XOR function 175 of FIG.
  • the expanding function 221 is used because its output is being inserted into the critical path after the MP′ i-2 E′ i-1 286 as L i-2 at the third merged L component key XOR function 288 , as opposed to in an unexpanded form at the third L component XOR function 170 .
  • the output from the third merged L component key XOR function 288 is input into the selection function S i-1 296 .
  • Selection function S i-1 296 has one output, the output from S i-1 296 is input into permutation function P i-1 297 .
  • P i-1 g(L i-4 ,R i-4 ,K i-3 ) as illustrated in [7].
  • the 32 bit output from permutation function P i-1 297 , the 32 bit output from permutation function P i-3 265 , and the 32 bit right data block R i-4 215 are input into a first collected L component XOR function 298 to obtain an intermediate ciphered right data word R i 299 .
  • the exclusive-oring of R i-4 215 (acting as L i-3 ) with the output of P i-3 159 generates R i-2 , which is the equivalent of L i-1 ; the exclusive-oring of this L i-1 with the output of P i-1 297 produces R i 299 .
  • the 32 bit output from permutation function P i-4 240 , the 32 bit output from permutation function P i-2 284 , and the 32 bit left data block L i-4 220 are input into an XOR function, called the second collected L component XOR function 292 to obtain an intermediate ciphered left data word L i 294 .
  • the exclusive-oring of L i-4 with the output of P i-4 240 generates R i-3 , which is the equivalent of L i-2 ; the exclusive-oring of this L i-2 with the output of P i-2 284 produces L i 294 ).
  • the output from L i 294 and R i 299 is fed back as an input to L i-4 220 and R i-4 215 .
  • This feed back of data is repeated multiple times (e.g., 4 times to complete 16 DES iterations), with different sub key blocks.
  • the outputs from L i 294 and R i 299 obtained are the pre-output blocks. These pre-output blocks are input into IP ⁇ 1 (not shown) to obtain a DES encrypted output.
  • L i 294 and R i 299 correspond with the values of L i 187 and R i 188 in prior art FIG. 1 .
  • the data flows through six XOR gates (i.e., XOR gates 230 , 250 , 280 , 288 , 292 and 299 ). More particularly, for the four DES iterations illustrated in FIG.
  • L i 294 is calculated concurrently with the input of data into MPE function MP′ i-2 E′ i-4 286 , achieving a further increase in efficiency.
  • the 16 DES iterations (required by the DES specification) have twenty XOR gates in the critical path. Having twenty XOR gates in the critical path for sixteen DES iterations as opposed to 32 XOR gates required in the critical path of the prior art increases the efficiency of the DES algorithm calculation.
  • While in one embodiment the functions shown in FIG. 2 are each performed in a separate hardware module (e.g., L i-4 220 is expanded using one hardware expanding module, while R i-4 215 is expanded using another hardware expanding module), in alternative embodiments certain modules are shared by two or more of the functions illustrated in FIG. 2 .
  • the exclusive-or functions are implemented using exclusive-or gates, alternative embodiments implement one or more of the XOR functions using a different combination of gates.
  • FIG. 2 illustrates performing 4 DES iterations per cycle, other embodiments may use other multiples of DES iterations so long as each DES cycle uses one or more MEP functions, and moves the non-key XOR functions out of the critical path.
  • the circuit performing the functions shown in FIG. 2 is implemented in an execution unit in a co-processor that communicates with a host processor via a bus
  • alternative embodiments may have multiple execution units within the co-processor wherein each execution unit performs encryption/decryption of data.
  • each execution unit performs encryption/decryption of data.
  • multiple blocks of data are simultaneously encrypted or decrypted.
  • the co-processor may reside within the processor such that communications between the co-processor and the processor are internal to the processor.
  • the co-processor is implemented in a network card as an inline processor so that communications between a processor on the network card and the co-processor occur via a peripheral bus (e.g., a PCI bus), alternative embodiments implement the co-processor in a router (e.g., in a line card), in a switch, in a server, or even in a personal computer.
  • a peripheral bus e.g., a PCI bus
  • FIG. 3 illustrates a typical computer system 300 in which the present invention operates.
  • the computer system is used for, implementing the DES algorithm.
  • One embodiment of the present invention is implemented using personal computer (PC) architecture. It will be apparent to those of ordinary skill in the art that alternative computer system architectures or other processor, programmable or electronic-based devices may also be employed.
  • PC personal computer
  • FIG. 3 includes a processing unit 302 coupled through a bus 301 to a system memory 313 .
  • System memory 313 comprises a read only memory (ROM) 304 , and a random access memory (RAM) 303 .
  • ROM 304 comprises Basic Input Output System (BIOS) 316
  • RAM 303 comprises operating system 318 , application programs 320 , agent 322 , and program data 324 .
  • BIOS Basic Input Output System
  • Computer system 300 includes mass storage device 307 , input devices 306 and display device 305 coupled to processing unit 302 via bus 301 .
  • Mass storage device 307 represents a persistent data storage device, such as a floppy disk drive, fixed disk drive (e.g., magnetic, optical, magneto-optical, or the like), or streaming tape drive.
  • Mass storage device stores program data 330 , application programs 328 , and operating system 326 .
  • Application programs 328 may include agent software 322 .
  • Processing unit 302 may be any of a wide variety of general purpose processors or microprocessors (such as the Pentium® processor manufactured by Intel® Corporation), a special purpose processor, or even a specifically programmed logic device.
  • the processing unit 302 communicates with co-processor 309 and sends co-processor 309 one or more commands to compute an encryption/decryption of a data block.
  • Co-processor 309 encrypts and/or decrypts the data block in accordance with the flow diagram illustrated in FIG. 2 , and provides processing unit 302 with the result of the encryption/decryption.
  • co-processor 309 comprises one or more execution units (not shown), wherein each execution unit performs the functions illustrated in FIG. 2 .
  • Display device 305 provides graphical output for computer system 300 .
  • Input devices 306 such as a keyboard or mouse are coupled to bus 301 for communicating information and command selections to processor 302 .
  • Also coupled to processor 302 through bus 301 are one or more network devices 308 that can be used to control and transfer data to electronic devices (printers, other computers, etc.) connected to computer 300 .
  • Network device 308 connects computer system 300 to a network 314 , and may include Ethernet devices, phone jacks and satellite links. This network 314 can connect computer 300 to another computer 312 .

Abstract

A method and apparatus to encipher a block of data using the data encryption standard comprising exclusive-oring, using an exclusive-or gate, the output from a merged permutation and expansion (MPE) and a sub key block, and sending the output from the exclusive-or gate to a selection function.

Description

BACKGROUND
1. Field of the Invention
The present invention is related to the field of data encryption. In particular, the present invention is related to a method and apparatus to implement the data encryption standard algorithm.
2. Description of the Related Art
The data encryption standard (DES) specifies a cryptographic algorithm for encrypting and decrypting binary information comprising of 64 bits using a 64-bit key. (Please see the federal information processing standards (FIPS) publication 46-2). The DES specifies both encrypting and decrypting operations, and decrypting is accomplished by using the same key as is used for encrypting but with the schedule for addressing the key bits altered so that decrypting is the reverse of the encrypting process.
A key in the DES consists of 64 binary bits, 56 of these bits are randomly generated and are used by the DES algorithm. The other 8 bits of the key are used for error detection. Users of the encrypted computer data must have the key that was used to encrypt the data in order to decrypt it.
A data block that is to be encrypted is subject to an initial permutation (IP), then to a complex key-dependent computation, and finally to a permutation which is the inverse of the initial permutation (IP−1).
FIG. 1 illustrates a block diagram of a prior art DES implementation 100. As illustrated in FIG. 1, at 105 an input comprising a 64-bit block of data is subject to an IP, to form a permuted input block. The permuted input block 110 is split into a left data block L i-4 120 and a right data block R i-4 115. Each block Li-4 and Ri-4 comprises 32 data bits. FIG. 1 illustrates 4 DES iterations (181184) of the 16 DES iterations specified in (FIPS) publication 46-2.
Mathematically, for each DES iteration if the 64 bits of an input block consists of a 32-bit block L followed by a 32-bit block R, then, the input block 105 is LR.
Let K be a block of 48 bits chosen from the 64-bit key. Then the output L′R′ of a single DES iteration with input LR is defined by:
L′=R and R′=L(+)f(R, K)  [1]
where (+) in equation [1] denotes bit-by-bit addition modulo 2, i.e., an exclusive-or (XOR) function. The next DES iteration uses as input the output from the previous iteration. For the first DES iteration 181, the input block is the left data block L i-4 120 and the right data block R i-4 115. After the first DES iteration, the output block is:
Li-3=Ri-4 and R i-3 =L i-4(+)f(R i-4 ,K i-4)  [2]
While the first 15 iterations have as their output L′R′, the standard specifies that the output of the 16th iteration is R′L′ (also called the pre-output block), which is input into an inverse permutation to generate an encrypted output L′R′. At each iteration, a different block K of key bits, called a sub key, is chosen from the 64-bit key. For details on choosing a sub key block in each DES iteration [1] please refer to FIPS publication 46-2.
The first DES iteration 181 includes a cipher function f(R, K) that comprises expanding R i-4 115 from 32 bits to 48 bits using expanding function E i-4 121. Thus, expanding function E i-4 121 takes a block of 32 Ri-4 bits as input and generates a block of 48 bits as output. The 48-bit expanded Ri-4 output and a first arrangement of 48 sub key bits K i-4 125 are exclusive-or'd using an exclusive-or function called the first key exclusive-or function 130. The 48 bit output from the first key XOR function 130 is input into a selection function S i-4 135 to obtain a 32 bit selection function output. Selection function S i-4 135 comprises 8 unique selection sub-functions, each of which take 6 bits of the 48 bit output from the first key exclusive-or function 130 as input and yields a 4-bit output. The 32-bit selection function S i-4 135 output is input into a permutation function P i-4 140 to yield a 32-bit permuted result. A second exclusive-or function, called the first L component XOR function 145, exclusive-ors the 32-bit permuted result with the 32 bit left data block L i-4 120 to yield a right output block R i-4 155 of the first DES iteration 181. The left output block, L i-3 150 of the first DES iteration comprises the 32-bits of the right data block R i-4 115. This completes the first DES iteration 181.
The left output block, L i-3 150 and the right output block R i-3 155 of the first DES iteration 181 serve as input into the second DES iteration 182 to obtain outputs L i-2 161 and R i-2 162 respectively as described above. Thus, Ri-3 155 is input into expanding function E i-3 154, and the output from expanding function E i-3 154 is exclusive-ord with a second key block K i-3 157 using a second key XOR function 156. The output from the second key XOR function 156 is input into selection function S i-3 158, and the output from selection function S i-3 158 is input into permutation function P i-3 159 to yield a 32 bit permuted result. The output from permutation function P i-3 159 is exclusive-ord with L i-3 150 using a second L component XOR function 160 to form output R i-2 162. The left output block, L i-2 161 of the second DES iteration 182 comprises the 32-bits of the right data block R i-3 155.
Subsequent DES iterations are repeated multiple times (e.g., at least 16 times) using the output from the previous iteration, with different key blocks. After the multiple iterations, a left and a right pre-output block is obtained. The pre-output blocks are input into IP−1 (not shown) to obtain an encrypted output.
As illustrated in FIG. 1 each cipher function f(R, K) includes two XOR functions (e.g., the first key XOR function 130, and the first L component XOR function 145 of the first DES iteration 181) in the critical path of the calculation. Therefore, for 16 DES iterations, thirty-two XOR functions are in the critical path, and as a result the encryption and/or decryption of data is inefficient.
BRIEF SUMMARY OF THE DRAWINGS
Examples of the present invention are illustrated in the accompanying drawings. The accompanying drawings, however, do not limit the scope of the present invention. Similar references in the drawings indicate similar elements.
FIG. 1 illustrates a block diagram of a prior art DES implementation;
FIG. 2 illustrates a block diagram of a DES implementation according to one embodiment of the invention;
FIG. 3 illustrates an apparatus for a DES implementation according to one embodiment of the invention.
 DETAILED DESCRIPTION
Described is a method and apparatus for implementing the DES algorithm. In the following description numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be apparent, however, to one of ordinary skill in the art that the present invention may be practiced without these specific details. In other instances, well-known architectures, steps, and techniques have not been shown to avoid obscuring the present invention.
In addition, it should be understood that the embodiments described herein are not related or limited to any particular hardware technology. Rather, the embodiments described may be constructed using various technologies (e.g., bi-polar technology, complimentary-metal-oxide-semiconductors (cmos) technology, etc.) in accordance with the teachings described herein. Similarly, it may prove advantageous to construct a specialized apparatus to perform the teachings described herein by way of discrete components, or by way of an integrated circuit that uses one or more integrated circuit die that may be interconnected. Lastly, repeated usage of the phrase “in one embodiment” does not necessarily refer to the same embodiment, although it may.
FIG. 2 illustrates a block diagram of a DES implementation according to one embodiment of the invention. As illustrated in FIG. 2, the four DES iterations (181184) of FIG. 1 are performed in a single clock cycle 200. Thus, the embodiment of FIG. 2 performs 16 DES iterations in 4 clock cycles. Although the embodiment of FIG. 2 illustrates 4 DES iterations in a single clock cycle, other embodiments may perform other multiples (even or odd multiples) of DES iterations in a single clock cycle.
The embodiment of FIG. 2 illustrates a permuted input block split into a left data block L i-4 220 and a right data block R i-4 215. Each block Li-4 and Ri-4 comprises 32 data bits. The left data block L i-4 220 and the right data block R i-4 215 are expanded to 48 bits using the same expanding function E (In FIG. 2, L i-4 220 and R i-4 215 respectively provided to instances of expanding function E i-3 221 and Ei-4 222). Details of the expansion function E may be found in FIPS publication 46-2.
For each DES cycle, 200, if the 64 bits of an input block is split into a left 32-bit block Li-4 followed by a right 32-bit block Ri-4, then, the permuted input block is Li-4Ri-4.
Let K represent four blocks of 48 bits chosen from the 64-bit key. Then the output LiRi of a single DES cycle 200 with input Li-4Ri-4 is defined by:
L i =L i-4(+)P i-4(+)P i-2, and R i =R i-4(+)P i-3(+)P i-1  [3]
where P i-4 =g(R i-4 ,K i-4)  [4]
P i-3 =g(L i-3 ,R i-4 ,K i-3)  [5]
P i-2 =g(R i-4 ,K i-2)  [6]
P i-1 =g(L i-4 ,R i-4 ,K i-1)  [7]
For each of the DES iterations in FIG. 2, four different blocks of key bits (225, 255, 275, and 290), called sub keys, are chosen from a 64-bit key. For details on choosing a key block please refer to FIPS publication 46-2.
After expanding the left data block L i-4 220 using expanding function E i-3 221 and the right data block R i-4 215 using expanding function E i-4 222 respectively, the output from expanding function E i-4 222 is exclusive-ord, using a key XOR function 230, with a first sub-key block K i-4 225. The output from key XOR function 230 is input into a selection function S i-4 235, and a first output from S i-4 235 is input into a permutation function P i-4 240.
Details of the permutation function may be found in FIPS publication 46-2. An alternate embodiment of the permutation function P is shown in Table 1.
TABLE 1
Permutation Function Bit Mapping
P Output Bits 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16
P Input Bits 16 25 12 11  3 20  4 15 31 17  9  6 27 14  1 22
P Output Bits 15 14 13 12 11 10  9  8  7  6  5  4  3  2  1  0
P Input Bits 30 24  8 18  0  5 29 23 13 19  2 26 10 21 28  7
Table 1 illustrates that permutation function P re-arranges the input to the permutation function P to yield the 32-bit output. For example, bits 16, 25 and 12 at the input of the permutation function yield bits 31, 30 and 29 at the output of the permutation function, and so on. Thus, the output of selection function S i-4 235 is re-arranged by permutation function P i-4 240. Hence, Pi-4=g(Ri-4,Ki-4) as illustrated in [4].
In addition, a second output from selection function S i-4 235 is input into a merged permutation and expansion (MPE) function MP′i-4E′i-3 245. The MPE function is illustrated in Table 2. (Note: the data in Table 1 and Table 2 is represented in msb:1sb bit format and not in the big endian format).
MEP function Out- 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32
put Bit
MEP function Input  7 16 25 12 11  3 11  3 20  4 15 31 15 31 17  9
Bit
MEP function Out- 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16
put Bit
MEP function Input  6 27  6 27 14  1 22 30 22 30 24  8 18  0 18  0
Bit
MEP function Out- 15 14 13 12 11 10  9  8  7  6  5  4  3  2  1  0
put Bit
MEP function Input  5 29 23 13 23 13 19  2 26 10 26 10 21 28  7 16
Bit
As illustrated in Table 2, the input to the MPE function is rearranged and expanded to form a 48-bit block of data from a 32-bit data block. For example, bits 7, 16, and 25 at the input of the MPE function, at 245, form bits 47, 46, and 45 at the output of the MEP function.
The MPE function MP′i-4E′i-3 245 combines functions P i-4 140 and E i-4 154 of FIG. 1. The output from the MPE function MP′i-4E′i-3 245, the output from E i-3 221, and a second sub key block, K i-3 255, comprising 48 key bits are input into a first merged L component key XOR function 250. The first merged L component key XOR function 250 effectively performs the operations of the first L component XOR function 145 and the second key XOR function 156 of FIG. 1 (it should now be understood that the expanding function 221 is used because its output is being inserted into the critical path after the MP′i-4E′i-3 245 as Li-4 at the first merged L component key XOR function 250, as opposed to in an unexpanded form at the first L component XOR function 145). The output from the first merged L component key XOR function 250 is input into selection function S i-3 260. The first output from S i-3 260 is input into permutation function P i-3 265, and the second output from S i-3 260 is input into MPE function MP′i-4E′i-2 270. Thus, Pi-3=g(Li-3,Ri-4,Ki-3) as illustrated in [5].
The MPE function MP′i-3E′i-2 270 combines functions P i-3 159 and E i-2 163 of FIG. 1. The output from MPE function MP′i-3E′i-2 270, a third sub key block K i-2 275, comprising 48 key bits, and the output from expanding function E i-4 222 are exclusive-ord, using a second merged L component key XOR function 280. The second merged L component key XOR function 280 effectively performs the operations of the second L component XOR function 160 and the third key XOR function 165 of FIG. 1 (it should now be understood that the output of the expanding function 222 is used because its output is being inserted into the critical path after the MP′i-3E′i-2 270 as Li-3 at the second merged L component key XOR function 280, as opposed to in an unexpanded form at the second L component XOR function 160). The output from the second merged L component key XOR function 280 is input into the selection function S i-2 282. Selection function S i-2 282 has two outputs, the first output from S i-2 282 is input into permutation function P i-2 284, and the second output from S i-2 282 is input into MPE function MP′i-2E′i-1 286. Thus, Pi-2=g(Ri-4,Ki-2) as illustrated in [6].
The MPE function MP′i-2E′i-1 286 combines functions P i-2 169 and E i-1 173 of FIG. 1. The output from MPE function MP′i-2E′i-1 286, a fourth sub key block K i-1 290, comprising 48 key bits, the output from expanding function E i-3 221, and the output from MPE function MP′i-4E′i-3 245 are exclusive-ord (e.g., using a four input exclusive-or gate), using a third merged L component key XOR function 288. The third merged L component key XOR function 288 effectively performs the operations of the third L component XOR function 170 and the fourth key XOR function 175 of FIG. 1 (it should now be understood that the expanding function 221 is used because its output is being inserted into the critical path after the MP′i-2E′i-1 286 as Li-2 at the third merged L component key XOR function 288, as opposed to in an unexpanded form at the third L component XOR function 170. The output from the third merged L component key XOR function 288 is input into the selection function S i-1 296. Selection function S i-1 296 has one output, the output from S i-1 296 is input into permutation function P i-1 297. Thus, Pi-1=g(Li-4,Ri-4,Ki-3) as illustrated in [7].
The 32 bit output from permutation function P i-1 297, the 32 bit output from permutation function P i-3 265, and the 32 bit right data block R i-4 215 are input into a first collected L component XOR function 298 to obtain an intermediate ciphered right data word R i 299. Specifically, the exclusive-oring of Ri-4 215 (acting as Li-3) with the output of P i-3 159 generates Ri-2, which is the equivalent of Li-1; the exclusive-oring of this Li-1 with the output of P i-1 297 produces R i 299. So also, the 32 bit output from permutation function P i-4 240, the 32 bit output from permutation function P i-2 284, and the 32 bit left data block L i-4 220 are input into an XOR function, called the second collected L component XOR function 292 to obtain an intermediate ciphered left data word L i 294. (Specifically, the exclusive-oring of Li-4 with the output of P i-4 240 generates Ri-3, which is the equivalent of Li-2; the exclusive-oring of this Li-2 with the output of P i-2 284 produces Li 294).
In one embodiment, the output from L i 294 and R i 299 is fed back as an input to Li-4 220 and R i-4 215. This feed back of data is repeated multiple times (e.g., 4 times to complete 16 DES iterations), with different sub key blocks. In one embodiment, after the fourth clock cycle (i.e., after the 16th DES iteration), the outputs from L i 294 and R i 299 obtained are the pre-output blocks. These pre-output blocks are input into IP−1 (not shown) to obtain a DES encrypted output.
L i 294 and Ri 299 (i.e., the output after 4 DES iterations) in FIG. 2 correspond with the values of L i 187 and R i 188 in prior art FIG. 1. However, as illustrated in FIG. 2, in order to obtain L i 294 and R i 299 the data flows through six XOR gates (i.e., XOR gates 230, 250, 280, 288, 292 and 299). More particularly, for the four DES iterations illustrated in FIG. 2, only five of the six XOR gates (i.e., XOR gates 230, 250, 280, 288, and 298) are in the critical path of the DES calculation, whereas in the prior art of FIG. 1 for four DES iterations, eight XOR gates (i.e., XOR gates 130, 145, 156, 160, 165, 170, 191, and 177) are in the critical path of the calculation. By eliminating XOR gates (145, 160, and 170) from the critical path the efficiency with which data is encrypted and/or decrypted is significantly improved.
In one embodiment, L i 294 is calculated concurrently with the input of data into MPE function MP′i-2E′i-4 286, achieving a further increase in efficiency.
In the embodiment illustrated in FIG. 2, the 16 DES iterations (required by the DES specification) have twenty XOR gates in the critical path. Having twenty XOR gates in the critical path for sixteen DES iterations as opposed to 32 XOR gates required in the critical path of the prior art increases the efficiency of the DES algorithm calculation.
While in one embodiment the functions shown in FIG. 2 are each performed in a separate hardware module (e.g., L i-4 220 is expanded using one hardware expanding module, while R i-4 215 is expanded using another hardware expanding module), in alternative embodiments certain modules are shared by two or more of the functions illustrated in FIG. 2. Similarly, while in one embodiment the exclusive-or functions are implemented using exclusive-or gates, alternative embodiments implement one or more of the XOR functions using a different combination of gates. Although the embodiment of FIG. 2 illustrates performing 4 DES iterations per cycle, other embodiments may use other multiples of DES iterations so long as each DES cycle uses one or more MEP functions, and moves the non-key XOR functions out of the critical path.
In one embodiment, the circuit performing the functions shown in FIG. 2 is implemented in an execution unit in a co-processor that communicates with a host processor via a bus, alternative embodiments may have multiple execution units within the co-processor wherein each execution unit performs encryption/decryption of data. In the embodiment with multiple execution units, multiple blocks of data are simultaneously encrypted or decrypted. In still other embodiments, the co-processor may reside within the processor such that communications between the co-processor and the processor are internal to the processor. In one embodiment, the co-processor is implemented in a network card as an inline processor so that communications between a processor on the network card and the co-processor occur via a peripheral bus (e.g., a PCI bus), alternative embodiments implement the co-processor in a router (e.g., in a line card), in a switch, in a server, or even in a personal computer.
FIG. 3 illustrates a typical computer system 300 in which the present invention operates. The computer system is used for, implementing the DES algorithm. One embodiment of the present invention is implemented using personal computer (PC) architecture. It will be apparent to those of ordinary skill in the art that alternative computer system architectures or other processor, programmable or electronic-based devices may also be employed.
In general, the computer systems illustrated by FIG. 3 includes a processing unit 302 coupled through a bus 301 to a system memory 313. System memory 313 comprises a read only memory (ROM) 304, and a random access memory (RAM) 303. ROM 304 comprises Basic Input Output System (BIOS) 316, and RAM 303 comprises operating system 318, application programs 320, agent 322, and program data 324.
Computer system 300 includes mass storage device 307, input devices 306 and display device 305 coupled to processing unit 302 via bus 301. Mass storage device 307 represents a persistent data storage device, such as a floppy disk drive, fixed disk drive (e.g., magnetic, optical, magneto-optical, or the like), or streaming tape drive. Mass storage device stores program data 330, application programs 328, and operating system 326. Application programs 328 may include agent software 322. Processing unit 302 may be any of a wide variety of general purpose processors or microprocessors (such as the Pentium® processor manufactured by Intel® Corporation), a special purpose processor, or even a specifically programmed logic device.
In one embodiment, the processing unit 302 communicates with co-processor 309 and sends co-processor 309 one or more commands to compute an encryption/decryption of a data block. Co-processor 309 encrypts and/or decrypts the data block in accordance with the flow diagram illustrated in FIG. 2, and provides processing unit 302 with the result of the encryption/decryption. In one embodiment, co-processor 309 comprises one or more execution units (not shown), wherein each execution unit performs the functions illustrated in FIG. 2.
Display device 305 provides graphical output for computer system 300. Input devices 306 such as a keyboard or mouse are coupled to bus 301 for communicating information and command selections to processor 302. Also coupled to processor 302 through bus 301 are one or more network devices 308 that can be used to control and transfer data to electronic devices (printers, other computers, etc.) connected to computer 300. Network device 308 connects computer system 300 to a network 314, and may include Ethernet devices, phone jacks and satellite links. This network 314 can connect computer 300 to another computer 312.
Thus, a method and apparatus have been disclosed for implementing the DES algorithm. While there has been illustrated and described what are presently considered to be example embodiments of the present invention, it will be understood by those skilled in the art that various other modifications may be made, and equivalents may be substituted, without departing from the true scope of the invention. Additionally, many modifications may be made to adapt a particular situation to the teachings of the present invention without departing from the central inventive concept described herein. Therefore, it is intended that the present invention not be limited to the particular embodiments disclosed, but that the invention include all embodiments falling within the scope of the appended claims.

Claims (21)

1. An apparatus comprising:
a left expansion module and a right expansion module, said left expansion module coupled to a first merged L component key XOR gate and to a third merged L component key XOR gate;
said right expansion module coupled to a key XOR gate, and to a second merged L component key XOR gate;
said key XOR gate coupled to a first selection function module (SFM), the first SFM having a first output and a second output;
said first output of the first SFM coupled to a first permutation function module (PFM) and the second output of the first SFM output is coupled to a first merged permutation and expansion function (MPE) module;
said first PFM coupled to a second collected L component XOR gate;
said first MPE module coupled to the first merged L component key XOR gate, and to the third merged L component key XOR gate;
said first merged L component key XOR gate coupled to a second SFM having a first output and a second output;
said first output of the second SFM coupled to a second PFM; and
said second PFM coupled to a first collected L component XOR gate.
2. The apparatus of claim 1 further comprising:
said second output of the second SFM coupled to a second MPE module;
said second MPE module coupled to the second merged L component key XOR gate;
said second merged L component key XOR gate coupled to a third SFM having a first output and a second output;
said first output of the third SFM coupled to a third PFM, and said second output of the third SFM coupled to a third MPE module;
said third MPE module coupled to said third merged L component key XOR gate;
said third merged L component key XOR gate coupled to a fourth SFM;
said fourth SFM coupled to a fourth PFM; and
said fourth PFM coupled to the first collected L component XOR gate.
3. The apparatus of claim 2 wherein the output of the second collected L component XOR gate is coupled to the input of the left expansion module and the output of the first collected L component XOR gate is coupled to the input of the right module function.
4. The apparatus of claim 2 wherein the key XOR gate exclusive-ors the output of the right expansion module and a first sub key block.
5. The apparatus of claim 2 wherein the first merged L component key XOR gate exclusive-ors the output of the first MPE module, the output from the left expansion module, and a second sub key block.
6. The apparatus of claim 2 wherein the second merged L component key XOR gate exclusive-ors the output of the second MPE module, the right expansion module, and a third sub key block.
7. The apparatus of claim 2 wherein the third merged L component key XOR gate exclusive-ors the output from the third MPE module, the left expansion module and a fourth sub key block.
8. A method to encrypt a block of data comprising:
splitting the block of data into a left data block and a right data block;
expanding the left data block and the right data block;
exclusive-oring, using a key XOR gate, the right expanded data block and a first sub key;
sending the output from the key XOR gate to a first selection function module (SFM), the first SFM having a first output and a second output;
sending data at the first output of the first SFM to a first permutation function module (PFM):
sending data at the second output of the first SFM to a first merged permutation and expansion function module (MPE);
exclusive-oring, using a first merged L component key XOR gate, the output from the first MPE, a second sub key and the expanded left data block;
sending the output from the first merged L component key XOR gate to a second SFM, the second SFM having a first output and a second output;
sending data at the first output of the second SFM to a second PFM;
sending data at the second output of the second SFM to a second MPE;
exclusive-oring, using a second merged L component key XOR gate, the output from the second MPE, a third sub key, and the expanded right data block;
sending the output from the second merged L component key XOR gate to a third SFM, the third SFM having a first output and a second output;
sending data from the first output of the third SFM to a third PFM;
sending data at the second output of the third SFM to a third MPE;
exclusive-oring, using a third merged L component key XOR gate, the output from the third MPE, a fourth key block, the left expanded data block, and the first MPE;
sending the output from the second merged L component key XOR gate to a fourth SFM; and
sending the output from the fourth SFM to a fourth PFM.
9. The method of claim 8 further comprising:
exclusive-oring the left data block, the first PFM output, and the third PFM output to form a left encrypted data block; and
exclusive-oring the right data block, the second PFM output, and the fourth PFM output to form a right encrypted data block.
10. The method of claim 9 wherein the left encrypted data block is obtained concurrently with sending the data to the third MPE.
11. An apparatus comprising;
a bus;
a coprocessor coupled to the bus, said coprocessor having a left expansion module and a right expansion module, said left expansion module coupled to a first merged L component key XOR gate and a third merged L component key XOR gate;
said right expansion module coupled to a key XOR gate, and a second merged L component key XOR gate;
said key XOR gate coupled to a first selection function module (SFM), the first SFM having a first output and a second output;
said first output of the first SFM coupled to a first permutation function module (PFM) and the second output of the first SFM output is coupled to a first merged permutation and expansion function (MPE) module;
said first PFM coupled to a second collected L component XOR gate;
said first MPE module coupled to the first merged L component key XOR gate, and to the third merged L component key XOR gate;
said first merged L component key XOR gate coupled to a second SFM having a first output and a second output;
said first output of the second SFM coupled to a second PFM; and
said second PFM coupled to a first collected L component XOR gate.
12. The apparatus of claim 11 further comprising:
said second output of the second SFM coupled to a second MPE module;
said second MPE module coupled to the second merged L component key XOR gate;
said second merged L component key XOR gate coupled to a third SFM having a first output and a second output;
said first output of the third SFM coupled to a third PFM, and said second output of the third SFM coupled to a third MPE module;
said third MPE module coupled to said third merged L component key XOR gate;
said third merged L component key XOR gate coupled to a fourth SFM;
said fourth SFM coupled to a fourth PFM; and
said fourth PFM coupled to the first collected L component XOR gate.
13. The apparatus of claim 12 wherein the output of the second collected L component XOR gate is coupled to the input of the left expansion module and the output of the first collected L component XOR gate is coupled to the input of the right expansion module.
14. The apparatus of claim 12 wherein the key XOR gate exclusive-ors the output of the right expansion module and a first sub key block.
15. The apparatus of claim 12 wherein the first merged L component key XOR gate exclusive-ors the output of the first MPE module, the output from the left expansion module, and a second sub key block.
16. The apparatus of claim 12 wherein the second merged L component key XOR gate exclusive-ors the output of the second MPE module, the right expansion module, and a third sub key block.
17. The apparatus of claim 12 wherein the third merged L component key XOR gate exclusive-ors the output from the third MPE module, the left expansion module and a fourth sub key block.
18. An apparatus to perform a data encryption standard iteration, said apparatus including an expansion module to receive a R input, a key XOR, a selection module, a permutation module, and a L component XOR gate, an improvement comprising:
a data encryption standard circuit to perform a series of iterations that contains no L component XOR gates, said data encryption standard circuit to include
an expansion module coupled to receive an L Input;
a merged permutation expansion module, coupled to the selection module of each iteration, that results from merging the permutation module of each iteration with the expansion module of the immediately following iteration in the series;
a plurality of merged L component key XOR gates each coupled between a different one of the merged permutation expansion modules and the selection module of the immediately following iteration in the series;
a plurality of permutation modules each coupled to one selection module of a different iteration; and
a first and second collected L component XOR gates, coupled to mutually exclusive sets of the permutation modules.
19. The apparatus of claim 18 further comprising the outputs from the first and second collected L component XOR gates fed back to the expansion module coupled to the L input and the expansion module coupled to the R input respectively.
20. An apparatus comprising:
a data encryption standard circuit having an L and R component input and including,
a critical path including,
a first and second expansion modules respectively coupled to receive the L and R components;
a plurality of selection function modules coupled to each other in series by a merged permutation and expansion module coupled to a merged L component key XOR gate;
a key XOR gate coupled to the first of the selection modules in the series;
a first of a plurality of permutation modules coupled to the last of the plurality of selection function modules in the series; and
a non-critical path including,
a first and second L component collection XOR module, said first and second L component collection modules coupled to mutually exclusive groups of the plurality of permutation modules, wherein each of the plurality of permutation modules is coupled to a different one of the selection function modules.
21. The apparatus of claim 20 wherein the output from the first L component collection module is fed back to the L component input, and the output from the second L component collection module is fed back to the R component input.
US10/052,054 2002-01-17 2002-01-17 Method and apparatus to implement the data encryption standard algorithm Active 2024-06-07 US7076059B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US10/052,054 US7076059B1 (en) 2002-01-17 2002-01-17 Method and apparatus to implement the data encryption standard algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US10/052,054 US7076059B1 (en) 2002-01-17 2002-01-17 Method and apparatus to implement the data encryption standard algorithm

Publications (1)

Publication Number Publication Date
US7076059B1 true US7076059B1 (en) 2006-07-11

Family

ID=36644157

Family Applications (1)

Application Number Title Priority Date Filing Date
US10/052,054 Active 2024-06-07 US7076059B1 (en) 2002-01-17 2002-01-17 Method and apparatus to implement the data encryption standard algorithm

Country Status (1)

Country Link
US (1) US7076059B1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7698227B1 (en) * 2005-07-14 2010-04-13 Sun Microsystems, Inc. System and method for providing traceable acknowledgement of a digital data distribution license
US9129060B2 (en) 2011-10-13 2015-09-08 Cavium, Inc. QoS based dynamic execution engine selection
US9128769B2 (en) 2011-10-13 2015-09-08 Cavium, Inc. Processor with dedicated virtual functions and dynamic assignment of functional resources
US10721172B2 (en) 2018-07-06 2020-07-21 Marvell Asia Pte, Ltd. Limiting backpressure with bad actors
US11700111B2 (en) 2019-06-26 2023-07-11 Cryptography Research, Inc. Platform neutral data encryption standard (DES) cryptographic operation

Citations (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3958081A (en) * 1975-02-24 1976-05-18 International Business Machines Corporation Block cipher system for data security
US3962539A (en) * 1975-02-24 1976-06-08 International Business Machines Corporation Product block cipher system for data security
US4319079A (en) * 1979-09-13 1982-03-09 Best Robert M Crypto microprocessor using block cipher
US4543646A (en) * 1980-06-05 1985-09-24 Western Digital Corporation Chip topography for MOS Data Encryption Standard circuit
US4947428A (en) * 1988-05-27 1990-08-07 Etat Francais, Represente Par Le Ministere Des Postes, Des Telecommunications Et De L'espace (C.N.E.T.) Process for the broadcasting and reception of access title control messages
US5289542A (en) * 1991-03-04 1994-02-22 At&T Bell Laboratories Caller identification system with encryption
US5351299A (en) * 1992-06-05 1994-09-27 Matsushita Electric Industrial Co., Ltd. Apparatus and method for data encryption with block selection keys and data encryption keys
US5442705A (en) * 1993-03-11 1995-08-15 Nec Corporation Hardware arrangement for enciphering bit blocks while renewing a key at each iteration
US5513262A (en) * 1992-02-18 1996-04-30 Tulip Computers International B.V Device for enciphering and deciphering, by means of the DES algorithm, data to be written to be read from a hard disk
US5539827A (en) * 1993-05-05 1996-07-23 Liu; Zunquan Device and method for data encryption
US5592553A (en) * 1993-07-30 1997-01-07 International Business Machines Corporation Authentication system using one-time passwords
US5675653A (en) * 1995-11-06 1997-10-07 Nelson, Jr.; Douglas Valmore Method and apparatus for digital encryption
US5796837A (en) * 1995-12-26 1998-08-18 Electronics And Telecommunications Research Institute Apparatus and method for generating a secure substitution-box immune to cryptanalyses
US5835599A (en) * 1996-04-15 1998-11-10 Vlsi Technology, Inc. Muti-cycle non-parallel data encryption engine
US5949884A (en) * 1996-11-07 1999-09-07 Entrust Technologies, Ltd. Design principles of the shade cipher
US6006321A (en) * 1997-06-13 1999-12-21 Malleable Technologies, Inc. Programmable logic datapath that may be used in a field programmable device
US6108421A (en) * 1998-03-06 2000-08-22 Harris Corporation Method and apparatus for data encryption
US6150836A (en) * 1997-06-13 2000-11-21 Malleable Technologies, Inc. Multilevel logic field programmable device
US6272221B1 (en) * 1997-08-07 2001-08-07 Nec Corporation Encryption apparatus and computor-readable recording medium containing program for realizing the same
US6278783B1 (en) * 1998-06-03 2001-08-21 Cryptography Research, Inc. Des and other cryptographic, processes with leak minimization for smartcards and other cryptosystems
US6298136B1 (en) * 1996-05-20 2001-10-02 U.S. Philips Corporation Cryptographic method and apparatus for non-linearly merging a data block and a key
US6304658B1 (en) * 1998-01-02 2001-10-16 Cryptography Research, Inc. Leak-resistant cryptographic method and apparatus
US20020003876A1 (en) * 2000-06-08 2002-01-10 Young-Won Lim Encryption apparatus using data encryption standard algorithm
US20020009196A1 (en) * 2000-05-31 2002-01-24 Young-Won Lim Encryption device using data encryption standard algorithm
US20020012430A1 (en) * 2000-06-12 2002-01-31 Young-Won Lim Encryption apparatus using data encryption standard algorithm
US20020018562A1 (en) * 2000-06-13 2002-02-14 Hynix Semiconductor Inc. Key scheduler for encryption apparatus using data encryption standard algorithm
US20020021802A1 (en) * 2000-07-12 2002-02-21 Hirofumi Muratani Encryption apparatus, decryption appatatus, expanded key generating apparatus and method therefor, and recording medium
US6357009B1 (en) * 1996-08-20 2002-03-12 Hewlett-Packard Company Secure enablement of a processing entity
US6400824B1 (en) * 1996-11-12 2002-06-04 California Institute Of Technology Semiconductor imaging sensor with on-chip encryption
US20020106080A1 (en) * 2000-12-13 2002-08-08 Broadcom Corporation Methods and apparatus for implementing a cryptography engine
US20020106078A1 (en) * 2000-12-13 2002-08-08 Broadcom Corporation Methods and apparatus for implementing a cryptography engine
US6438569B1 (en) * 1999-09-20 2002-08-20 Pmc-Sierra, Inc. Sums of production datapath
US6442525B1 (en) * 1997-07-15 2002-08-27 Silverbrook Res Pty Ltd System for authenticating physical objects
US6466669B1 (en) * 1997-05-30 2002-10-15 Mitsubishi Denki Kabushiki Kaisha Cipher processor, IC card and cipher processing method
US20030002664A1 (en) * 2001-06-13 2003-01-02 Anand Satish N. Data encryption and decryption system and method using merged ciphers
US20030023950A1 (en) * 2001-01-10 2003-01-30 Wei Ma Methods and apparatus for deep embedded software development
US6542607B1 (en) * 1996-09-03 2003-04-01 Siemens Aktiengesellschaft Device and method for the cryptographic processing of a digital data stream presenting any number of data
US6578150B2 (en) * 1997-09-17 2003-06-10 Frank C. Luyster Block cipher method
US6704871B1 (en) * 1997-09-16 2004-03-09 Safenet, Inc. Cryptographic co-processor
US6708273B1 (en) * 1997-09-16 2004-03-16 Safenet, Inc. Apparatus and method for implementing IPSEC transforms within an integrated circuit
US6816968B1 (en) * 1998-07-10 2004-11-09 Silverbrook Research Pty Ltd Consumable authentication protocol and system

Patent Citations (47)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3962539A (en) * 1975-02-24 1976-06-08 International Business Machines Corporation Product block cipher system for data security
US3958081A (en) * 1975-02-24 1976-05-18 International Business Machines Corporation Block cipher system for data security
US4319079A (en) * 1979-09-13 1982-03-09 Best Robert M Crypto microprocessor using block cipher
US4543646A (en) * 1980-06-05 1985-09-24 Western Digital Corporation Chip topography for MOS Data Encryption Standard circuit
US4947428A (en) * 1988-05-27 1990-08-07 Etat Francais, Represente Par Le Ministere Des Postes, Des Telecommunications Et De L'espace (C.N.E.T.) Process for the broadcasting and reception of access title control messages
US5289542A (en) * 1991-03-04 1994-02-22 At&T Bell Laboratories Caller identification system with encryption
US5513262A (en) * 1992-02-18 1996-04-30 Tulip Computers International B.V Device for enciphering and deciphering, by means of the DES algorithm, data to be written to be read from a hard disk
US5351299A (en) * 1992-06-05 1994-09-27 Matsushita Electric Industrial Co., Ltd. Apparatus and method for data encryption with block selection keys and data encryption keys
US5442705A (en) * 1993-03-11 1995-08-15 Nec Corporation Hardware arrangement for enciphering bit blocks while renewing a key at each iteration
US5539827A (en) * 1993-05-05 1996-07-23 Liu; Zunquan Device and method for data encryption
US5592553A (en) * 1993-07-30 1997-01-07 International Business Machines Corporation Authentication system using one-time passwords
US5661807A (en) * 1993-07-30 1997-08-26 International Business Machines Corporation Authentication system using one-time passwords
US5675653A (en) * 1995-11-06 1997-10-07 Nelson, Jr.; Douglas Valmore Method and apparatus for digital encryption
US5796837A (en) * 1995-12-26 1998-08-18 Electronics And Telecommunications Research Institute Apparatus and method for generating a secure substitution-box immune to cryptanalyses
US5835599A (en) * 1996-04-15 1998-11-10 Vlsi Technology, Inc. Muti-cycle non-parallel data encryption engine
US6298136B1 (en) * 1996-05-20 2001-10-02 U.S. Philips Corporation Cryptographic method and apparatus for non-linearly merging a data block and a key
US6357009B1 (en) * 1996-08-20 2002-03-12 Hewlett-Packard Company Secure enablement of a processing entity
US6542607B1 (en) * 1996-09-03 2003-04-01 Siemens Aktiengesellschaft Device and method for the cryptographic processing of a digital data stream presenting any number of data
US5949884A (en) * 1996-11-07 1999-09-07 Entrust Technologies, Ltd. Design principles of the shade cipher
US6400824B1 (en) * 1996-11-12 2002-06-04 California Institute Of Technology Semiconductor imaging sensor with on-chip encryption
US6466669B1 (en) * 1997-05-30 2002-10-15 Mitsubishi Denki Kabushiki Kaisha Cipher processor, IC card and cipher processing method
US6006321A (en) * 1997-06-13 1999-12-21 Malleable Technologies, Inc. Programmable logic datapath that may be used in a field programmable device
US6121791A (en) * 1997-06-13 2000-09-19 Malleable Technologies, Inc. Programmable logic datapath that may be used in a field programmable device
US6351142B1 (en) * 1997-06-13 2002-02-26 Pmc-Sierra, Inc. Programmable logic datapath that may be used in a field programmable device
US6150836A (en) * 1997-06-13 2000-11-21 Malleable Technologies, Inc. Multilevel logic field programmable device
US6442525B1 (en) * 1997-07-15 2002-08-27 Silverbrook Res Pty Ltd System for authenticating physical objects
US6272221B1 (en) * 1997-08-07 2001-08-07 Nec Corporation Encryption apparatus and computor-readable recording medium containing program for realizing the same
US6708273B1 (en) * 1997-09-16 2004-03-16 Safenet, Inc. Apparatus and method for implementing IPSEC transforms within an integrated circuit
US6704871B1 (en) * 1997-09-16 2004-03-09 Safenet, Inc. Cryptographic co-processor
US6578150B2 (en) * 1997-09-17 2003-06-10 Frank C. Luyster Block cipher method
US6751319B2 (en) * 1997-09-17 2004-06-15 Frank C. Luyster Block cipher method
US6381699B2 (en) * 1998-01-02 2002-04-30 Cryptography Research, Inc. Leak-resistant cryptographic method and apparatus
US6304658B1 (en) * 1998-01-02 2001-10-16 Cryptography Research, Inc. Leak-resistant cryptographic method and apparatus
US6108421A (en) * 1998-03-06 2000-08-22 Harris Corporation Method and apparatus for data encryption
US6278783B1 (en) * 1998-06-03 2001-08-21 Cryptography Research, Inc. Des and other cryptographic, processes with leak minimization for smartcards and other cryptosystems
US6816968B1 (en) * 1998-07-10 2004-11-09 Silverbrook Research Pty Ltd Consumable authentication protocol and system
US6438569B1 (en) * 1999-09-20 2002-08-20 Pmc-Sierra, Inc. Sums of production datapath
US20020009196A1 (en) * 2000-05-31 2002-01-24 Young-Won Lim Encryption device using data encryption standard algorithm
US6914984B2 (en) * 2000-06-08 2005-07-05 Hynix Semiconductor, Inc. Encryption apparatus using data encryption standard algorithm
US20020003876A1 (en) * 2000-06-08 2002-01-10 Young-Won Lim Encryption apparatus using data encryption standard algorithm
US20020012430A1 (en) * 2000-06-12 2002-01-31 Young-Won Lim Encryption apparatus using data encryption standard algorithm
US20020018562A1 (en) * 2000-06-13 2002-02-14 Hynix Semiconductor Inc. Key scheduler for encryption apparatus using data encryption standard algorithm
US20020021802A1 (en) * 2000-07-12 2002-02-21 Hirofumi Muratani Encryption apparatus, decryption appatatus, expanded key generating apparatus and method therefor, and recording medium
US20020106080A1 (en) * 2000-12-13 2002-08-08 Broadcom Corporation Methods and apparatus for implementing a cryptography engine
US20020106078A1 (en) * 2000-12-13 2002-08-08 Broadcom Corporation Methods and apparatus for implementing a cryptography engine
US20030023950A1 (en) * 2001-01-10 2003-01-30 Wei Ma Methods and apparatus for deep embedded software development
US20030002664A1 (en) * 2001-06-13 2003-01-02 Anand Satish N. Data encryption and decryption system and method using merged ciphers

Non-Patent Citations (19)

* Cited by examiner, † Cited by third party
Title
3.2.1 What is DES?, http://www.rsasecurity.com/rsalabs/faq/3-2-1.html, Jul. 13, 2001, one page.
AJ Elbirt and C. Paar, "Towards an FPGA Architecture Optimized for Public-Key Algorithms", Presented at SPIE's Symposium on Voice, Video, and Communications, Boston, MA, USA, Sep. 20, 1999.
Bruce Schneier, Applied Cryptography, 1996, John Wiley & Sons, pp. 270-278. *
Data Encryption Standard (DES); FIPS Pub 46-2, Dec. 30, 1993, 16 pages.
Eberle, Hans, A high-speed DES implementation for network applications, Sep. 23, 1992, <http://www.hpl.hp.com/techreports/Compaq-DEC/SRC-RR-90.html>. *
Federal Information Processing Standards Publication 46-2, Announcing the Data Encryption Standard (DES), http://raphael.math.uic.edu/~jeremy/crypt/text/desfips.txt, Jul. 13, 2001, 6 pages.
Frank Hoornaert, Jo Goubert, Yvo Desmedt, Efficient Hardware Implementation of the DES, Lecture Notes in Computer Science, vol. 196, Jan. 1985, p. 147. *
How SSL Works http://developer.netscape.com/tech/security/ssl/howitworks.html Jun. 1, 2001, five pages.
Internet Key Exchange Security Protocol http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113t/113t<SUB>-</SUB>3/isakmp.htm Feb. 6, 2002, 49 pages.
Internet Key Exchange Security Protocol www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113t/113t<SUB>-</SUB>3/isakmp.htm Jun. 1, 2001, 45 pages.
Kaps, Jens-Peter, High Speed FPGA Architectures for the Data Encryption Standard, May 1998, Worcester Polytechnic Institute. *
Lim, Efficient 8-Cycle DES implementation, 2000, IEEE, pp. 175-178. *
M. Shand and J. Vuillemin, "Fast Implementations of RSA Cryptography", Digital Equipment Corporation, Paris Research Laboratory (PRL).
McLoone et al., A High Performance FPGA Implementation of DES, 2000, IEEE. *
Menezes et al., Handbook of Applied Cryptography, 1996, CRC Press, pp. 223-282. *
Savolainen, Sampo, "Internet Key Exchange (IKE)", Department of Electrical and Communications Engineering, Helsinki University of Technology, Nov. 22, 1999, 12 pages.
Smith et al., Cryptographic Support in a Gigabit Network, 1992, Proceedings of INET. *
The Data Encryption Standard: An Update, http://raphael.math.uic.edu/~jeremy/crypt/text/des.txt, Jul. 13, 2001, 7 pages.
Wong et al., A Single Chip FPGA Implementation of the Data Encryption Standard (DES) Algorithm, 1998, IEEE, pp. 827-832. *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7698227B1 (en) * 2005-07-14 2010-04-13 Sun Microsystems, Inc. System and method for providing traceable acknowledgement of a digital data distribution license
US9129060B2 (en) 2011-10-13 2015-09-08 Cavium, Inc. QoS based dynamic execution engine selection
US9128769B2 (en) 2011-10-13 2015-09-08 Cavium, Inc. Processor with dedicated virtual functions and dynamic assignment of functional resources
US9495161B2 (en) 2011-10-13 2016-11-15 Cavium, Inc. QoS based dynamic execution engine selection
US10721172B2 (en) 2018-07-06 2020-07-21 Marvell Asia Pte, Ltd. Limiting backpressure with bad actors
US11646971B2 (en) 2018-07-06 2023-05-09 Marvell Asia Pte, Ltd. Limiting backpressure with bad actors
US11700111B2 (en) 2019-06-26 2023-07-11 Cryptography Research, Inc. Platform neutral data encryption standard (DES) cryptographic operation

Similar Documents

Publication Publication Date Title
JP6592804B2 (en) Flexible architecture and instructions for the new encryption standard (AES)
US7822797B2 (en) System and method for generating initial vectors
US8301905B2 (en) System and method for encrypting data
US6189095B1 (en) Symmetric block cipher using multiple stages with modified type-1 and type-3 feistel networks
US8189792B2 (en) Method and apparatus for performing cryptographic operations
JPH1075240A (en) Method for protecting data transmission and device for ciphering or deciphering data
EP0802652A2 (en) Data encryptor having a scalable clock
US20180212761A1 (en) Hardware circuit to perform round computations of arx-based stream ciphers
US7496196B2 (en) Method apparatus and system of performing one or more encryption and/or decryption operations
Guan et al. Implementation of SM4 on FPGA: Trade-off analysis between area and speed
US7076059B1 (en) Method and apparatus to implement the data encryption standard algorithm
US7257229B1 (en) Apparatus and method for key scheduling
JP3769804B2 (en) Decoding method and electronic device
Manoj Kumar et al. Implementation of a High-Speed and High-Throughput Advanced Encryption Standard.
US20060198524A1 (en) Hardware implementation of the mixcolumn/invmiscolumn functions
US20100027781A1 (en) Method and apparatus for enhancing performance of data encryption standard (des) encryption/decryption
CN105049203A (en) Configurable 3DES encryption and decryption algorism circuit capable of supporting multiple work modes
Bajaj et al. AES algorithm for encryption
KR100494560B1 (en) Real time block data encryption/decryption processor using Rijndael block cipher and method therefor
EP1629626A1 (en) Method and apparatus for a low memory hardware implementation of the key expansion function
KR102348802B1 (en) AES encryption and decryption circuit
Palka et al. Design Flow of Blowfish Symmetric-Key Block Cipher on FPGA
Maurya et al. Performance Analysis of DES Secured FPGA
US7443981B1 (en) Execution unit for performing the data encryption standard
Prodhan et al. Performance Analysis of Parallel Implementation of Advanced Encryption Standard (AES) Over Serial Implementation

Legal Events

Date Code Title Description
AS Assignment

Owner name: CAVIUM NETWORKS, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:KISZELY, TIMOTHY W.;REEL/FRAME:012770/0856

Effective date: 20020305

AS Assignment

Owner name: SILICON VALLEY BANK, CALIFORNIA

Free format text: INTELLECTUAL PROPERTY SECURITY AGREEMENT;ASSIGNOR:CAVIUM NETWORKS;REEL/FRAME:013446/0927

Effective date: 20021101

AS Assignment

Owner name: SILICON VALLEY BANK, CALIFORNIA

Free format text: SECURITY AGREEMENT;ASSIGNOR:CAVIUM NETWORKS;REEL/FRAME:013630/0621

Effective date: 20021101

STCF Information on status: patent grant

Free format text: PATENTED CASE

AS Assignment

Owner name: CAVIUM NETWORKS, INC., A DELAWARE CORPORATION,CALI

Free format text: MERGER;ASSIGNOR:CAVIUM NETWORKS, A CALIFORNIA CORPORATION;REEL/FRAME:018898/0730

Effective date: 20070206

Owner name: CAVIUM NETWORKS, INC., A DELAWARE CORPORATION, CAL

Free format text: MERGER;ASSIGNOR:CAVIUM NETWORKS, A CALIFORNIA CORPORATION;REEL/FRAME:018898/0730

Effective date: 20070206

FPAY Fee payment

Year of fee payment: 4

AS Assignment

Owner name: CAVIUM NETWORKS INC,CALIFORNIA

Free format text: RELEASE;ASSIGNOR:SILICON VALLEY BANK;REEL/FRAME:024445/0207

Effective date: 20100519

AS Assignment

Owner name: CAVIUM, INC., CALIFORNIA

Free format text: MERGER;ASSIGNOR:CAVIUM NETWORKS, INC.;REEL/FRAME:026610/0478

Effective date: 20110617

FPAY Fee payment

Year of fee payment: 8

AS Assignment

Owner name: JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT, ILLINOIS

Free format text: SECURITY AGREEMENT;ASSIGNORS:CAVIUM, INC.;CAVIUM NETWORKS LLC;REEL/FRAME:039715/0449

Effective date: 20160816

Owner name: JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT, IL

Free format text: SECURITY AGREEMENT;ASSIGNORS:CAVIUM, INC.;CAVIUM NETWORKS LLC;REEL/FRAME:039715/0449

Effective date: 20160816

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553)

Year of fee payment: 12

AS Assignment

Owner name: QLOGIC CORPORATION, CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JP MORGAN CHASE BANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:046496/0001

Effective date: 20180706

Owner name: CAVIUM, INC, CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JP MORGAN CHASE BANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:046496/0001

Effective date: 20180706

Owner name: CAVIUM NETWORKS LLC, CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JP MORGAN CHASE BANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:046496/0001

Effective date: 20180706

AS Assignment

Owner name: CAVIUM, LLC, CALIFORNIA

Free format text: CHANGE OF NAME;ASSIGNOR:CAVIUM, INC.;REEL/FRAME:049367/0717

Effective date: 20180924

AS Assignment

Owner name: CAVIUM INTERNATIONAL, CAYMAN ISLANDS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:CAVIUM, LLC;REEL/FRAME:051948/0807

Effective date: 20191231

AS Assignment

Owner name: MARVELL ASIA PTE, LTD., SINGAPORE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:CAVIUM INTERNATIONAL;REEL/FRAME:053179/0320

Effective date: 20191231